Robbed in London : New email scam

Recently I came across a new email scam strategy. It's like you will get a mail from your friend's email address that your friend went to some place (London preferably) for vacation and got mugged in the hotel. She lost everything except the passport. Now she needs money to pay the hotel bills and come back to her place. So she requests you to loan her some money (mostly around $1000) which she promises to pay back once she will be back. Also the money has to be transferred through Western Union Money Trasnfer. Following is the exact content:

"From:YOUR FRIEND

Sent: Wednesday, March 03, 2010 11:15 PMSubject: Sad News!!!

I'm writing this with tears in my eyes,my fam and I came down here to London,England for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen offus but luckily for us we still have our passports with us.

We've been to the embassy and the Police here but they're not helping issues at all and our flight leaves in less than 3hrs from now but we're having problems settling the hotel bills and the hotel manager won't let us leave until we settle the bills.

Am freaked out at the moment.."

Seems like they first hack the email account, change the password so that the victim won't be able to access her account. Then send mails to the people in the contact list. Though it's new to me but seems similar stuff already happened through Facebook. Details of the earlier incidents were reported here. Also here is a funny discussion of the hacker and a person to whom the hacker was seeking help after compromising a facebook account.

But this time in case of my friend it was not facebook but msn. So seems like they are now spreading their access over the accounts. Now once your are victimized what should you do???

Well, following are few things you could do to prevent your friends from falling prey of the trap:

Firstly make sure you have a strong password for your account containing upper case and lowercase letters, digits and at least one special symbol like #, $, & etc.

Better to change your password every 3 months or so.

These reduces the probabilities of being hacked. But still there is a chance and if that happens and your friends start getting scam mails from your account, do the following:

Tamaghna has worked on various technologies like java, .net, ruby and various domains including networking and platforms as well. Has done certifications like RHCE, CEH, ECSA, "Diploma in Cyber Law" and "Cyber Crime Investigation". He has also attended "Sec 504: Hacker Techniques, Exploits and Incident Handling" training from SANS institute

Try to login to the compromised account. If you are lucky enough to get into the account change the password immediately. You can also try "Forgot Password" option if that is working.

If you could login to the account, mail all your contact stating that your this account was hacked and do not reply to any mail from this account.

Also if you have any other accounts (facebook, orkut, linkedin etc), please update your status with the same information so that others will be informed about the same.

If you have any other email account, log in to that and inform everybody in you contact. (Luckily you might have the same set of contacts that the compromised account has.)

If you are using the same password in your other accounts change it immediately.

Also you can try reporting the incident to your email service provide and request them to block or reset the account and give it back to you. This process varies for different email service providers. For gmail try this, for hotmail/msn try this, for yahoo this could be helpful.

If you want to go further, you can contact the corresponding law and enforcement agency who deals with cyber crime for further investigation.

Incase of investigation, email headers of the scam mails could be useful as that could gives the ip addresses of the hacker which could lead to her location. So better ask your friends who got the mails to keep the mails/capture the email header and store for further investigation.

Also using ReadNotify you can trace the hacker and give that information to the law and enforcement agency.

Last but not the least, it could be possible that the hacker was using some sort of trojan or keylogger in your computer to get the account information. So scan your computer by antivirus/antitrojan software to ensure that your machine is clean.

Also keep yourself always updated with the knowledge of various scams and let others know.